user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    geo $remote_addr $ip_in_log {

        # CIDR Range IPs:
        172.16.0.0/12 0;
        10.0.0.0/8 0;
        192.168.0.0/16	0;
        
        default 1;
        
    }

    log_format  main  '$remote_addr - $remote_user [$time_local] "$host" "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main if=$ip_in_log;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    server_names_hash_bucket_size 128;

    ssl_session_cache   shared:SSL:20m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Mozilla Intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    
    <%
        if (base.dhparamsFilePath) {
    %>
        ssl_dhparam <%-base.dhparamsFilePath%>;
    <%
        }
    %>

    # Don't emit NGINX version on error pages and in the “Server” response header field.
    server_tokens off;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
